Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/provider_core.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <assert.h>
11
#include <openssl/core.h>
12
#include <openssl/core_dispatch.h>
13
#include <openssl/core_names.h>
14
#include <openssl/provider.h>
15
#include <openssl/params.h>
16
#include <openssl/opensslv.h>
17
#include "crypto/cryptlib.h"
18
#ifndef FIPS_MODULE
19
#include "crypto/decoder.h" /* ossl_decoder_store_cache_flush */
20
#include "crypto/encoder.h" /* ossl_encoder_store_cache_flush */
21
#include "crypto/store.h" /* ossl_store_loader_store_cache_flush */
22
#endif
23
#include "crypto/evp.h" /* evp_method_store_cache_flush */
24
#include "crypto/rand.h"
25
#include "internal/nelem.h"
26
#include "internal/thread_once.h"
27
#include "internal/provider.h"
28
#include "internal/refcount.h"
29
#include "internal/bio.h"
30
#include "internal/core.h"
31
#include "provider_local.h"
32
#include "crypto/context.h"
33
#ifndef FIPS_MODULE
34
# include <openssl/self_test.h>
35
# include <openssl/indicator.h>
36
#endif
37
38
/*
39
 * This file defines and uses a number of different structures:
40
 *
41
 * OSSL_PROVIDER (provider_st): Used to represent all information related to a
42
 * single instance of a provider.
43
 *
44
 * provider_store_st: Holds information about the collection of providers that
45
 * are available within the current library context (OSSL_LIB_CTX). It also
46
 * holds configuration information about providers that could be loaded at some
47
 * future point.
48
 *
49
 * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks
50
 * that have been registered for a child library context and the associated
51
 * provider that registered those callbacks.
52
 *
53
 * Where a child library context exists then it has its own instance of the
54
 * provider store. Each provider that exists in the parent provider store, has
55
 * an associated child provider in the child library context's provider store.
56
 * As providers get activated or deactivated this needs to be mirrored in the
57
 * associated child providers.
58
 *
59
 * LOCKING
60
 * =======
61
 *
62
 * There are a number of different locks used in this file and it is important
63
 * to understand how they should be used in order to avoid deadlocks.
64
 *
65
 * Fields within a structure can often be "write once" on creation, and then
66
 * "read many". Creation of a structure is done by a single thread, and
67
 * therefore no lock is required for the "write once/read many" fields. It is
68
 * safe for multiple threads to read these fields without a lock, because they
69
 * will never be changed.
70
 *
71
 * However some fields may be changed after a structure has been created and
72
 * shared between multiple threads. Where this is the case a lock is required.
73
 *
74
 * The locks available are:
75
 *
76
 * The provider flag_lock: Used to control updates to the various provider
77
 * "flags" (flag_initialized and flag_activated).
78
 *
79
 * The provider activatecnt_lock: Used to control updates to the provider
80
 * activatecnt value.
81
 *
82
 * The provider optbits_lock: Used to control access to the provider's
83
 * operation_bits and operation_bits_sz fields.
84
 *
85
 * The store default_path_lock: Used to control access to the provider store's
86
 * default search path value (default_path)
87
 *
88
 * The store lock: Used to control the stack of provider's held within the
89
 * provider store, as well as the stack of registered child provider callbacks.
90
 *
91
 * As a general rule-of-thumb it is best to:
92
 *  - keep the scope of the code that is protected by a lock to the absolute
93
 *    minimum possible;
94
 *  - try to keep the scope of the lock to within a single function (i.e. avoid
95
 *    making calls to other functions while holding a lock);
96
 *  - try to only ever hold one lock at a time.
97
 *
98
 * Unfortunately, it is not always possible to stick to the above guidelines.
99
 * Where they are not adhered to there is always a danger of inadvertently
100
 * introducing the possibility of deadlock. The following rules MUST be adhered
101
 * to in order to avoid that:
102
 *  - Holding multiple locks at the same time is only allowed for the
103
 *    provider store lock, the provider activatecnt_lock and the provider flag_lock.
104
 *  - When holding multiple locks they must be acquired in the following order of
105
 *    precedence:
106
 *        1) provider store lock
107
 *        2) provider flag_lock
108
 *        3) provider activatecnt_lock
109
 *  - When releasing locks they must be released in the reverse order to which
110
 *    they were acquired
111
 *  - No locks may be held when making an upcall. NOTE: Some common functions
112
 *    can make upcalls as part of their normal operation. If you need to call
113
 *    some other function while holding a lock make sure you know whether it
114
 *    will make any upcalls or not. For example ossl_provider_up_ref() can call
115
 *    ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall.
116
 *  - It is permissible to hold the store and flag locks when calling child
117
 *    provider callbacks. No other locks may be held during such callbacks.
118
 */
119
120
static OSSL_PROVIDER *provider_new(const char *name,
121
                                   OSSL_provider_init_fn *init_function,
122
                                   STACK_OF(INFOPAIR) *parameters);
123
124
/*-
125
 * Provider Object structure
126
 * =========================
127
 */
128
129
#ifndef FIPS_MODULE
130
typedef struct {
131
    OSSL_PROVIDER *prov;
132
    int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata);
133
    int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata);
134
    int (*global_props_cb)(const char *props, void *cbdata);
135
    void *cbdata;
136
} OSSL_PROVIDER_CHILD_CB;
137
DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB)
138
#endif
139
140
struct provider_store_st;        /* Forward declaration */
141
142
struct ossl_provider_st {
143
    /* Flag bits */
144
    unsigned int flag_initialized:1;
145
    unsigned int flag_activated:1;
146
147
    /* Getting and setting the flags require synchronization */
148
    CRYPTO_RWLOCK *flag_lock;
149
150
    /* OpenSSL library side data */
151
    CRYPTO_REF_COUNT refcnt;
152
    CRYPTO_RWLOCK *activatecnt_lock; /* For the activatecnt counter */
153
    int activatecnt;
154
    char *name;
155
    char *path;
156
    DSO *module;
157
    OSSL_provider_init_fn *init_function;
158
    STACK_OF(INFOPAIR) *parameters;
159
    OSSL_LIB_CTX *libctx; /* The library context this instance is in */
160
    struct provider_store_st *store; /* The store this instance belongs to */
161
#ifndef FIPS_MODULE
162
    /*
163
     * In the FIPS module inner provider, this isn't needed, since the
164
     * error upcalls are always direct calls to the outer provider.
165
     */
166
    int error_lib;     /* ERR library number, one for each provider */
167
# ifndef OPENSSL_NO_ERR
168
    ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */
169
# endif
170
#endif
171
172
    /* Provider side functions */
173
    OSSL_FUNC_provider_teardown_fn *teardown;
174
    OSSL_FUNC_provider_gettable_params_fn *gettable_params;
175
    OSSL_FUNC_provider_get_params_fn *get_params;
176
    OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
177
    OSSL_FUNC_provider_self_test_fn *self_test;
178
    OSSL_FUNC_provider_query_operation_fn *query_operation;
179
    OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
180
181
    /*
182
     * Cache of bit to indicate of query_operation() has been called on
183
     * a specific operation or not.
184
     */
185
    unsigned char *operation_bits;
186
    size_t operation_bits_sz;
187
    CRYPTO_RWLOCK *opbits_lock;
188
189
#ifndef FIPS_MODULE
190
    /* Whether this provider is the child of some other provider */
191
    const OSSL_CORE_HANDLE *handle;
192
    unsigned int ischild:1;
193
#endif
194
195
    /* Provider side data */
196
    void *provctx;
197
    const OSSL_DISPATCH *dispatch;
198
};
199
DEFINE_STACK_OF(OSSL_PROVIDER)
200
201
static int ossl_provider_cmp(const OSSL_PROVIDER * const *a,
202
                             const OSSL_PROVIDER * const *b)
203
0
{
204
0
    return strcmp((*a)->name, (*b)->name);
205
0
}
206
207
/*-
208
 * Provider Object store
209
 * =====================
210
 *
211
 * The Provider Object store is a library context object, and therefore needs
212
 * an index.
213
 */
214
215
struct provider_store_st {
216
    OSSL_LIB_CTX *libctx;
217
    STACK_OF(OSSL_PROVIDER) *providers;
218
    STACK_OF(OSSL_PROVIDER_CHILD_CB) *child_cbs;
219
    CRYPTO_RWLOCK *default_path_lock;
220
    CRYPTO_RWLOCK *lock;
221
    char *default_path;
222
    OSSL_PROVIDER_INFO *provinfo;
223
    size_t numprovinfo;
224
    size_t provinfosz;
225
    unsigned int use_fallbacks:1;
226
    unsigned int freeing:1;
227
};
228
229
/*
230
 * provider_deactivate_free() is a wrapper around ossl_provider_deactivate()
231
 * and ossl_provider_free(), called as needed.
232
 * Since this is only called when the provider store is being emptied, we
233
 * don't need to care about any lock.
234
 */
235
static void provider_deactivate_free(OSSL_PROVIDER *prov)
236
2
{
237
2
    if (prov->flag_activated)
238
2
        ossl_provider_deactivate(prov, 1);
239
2
    ossl_provider_free(prov);
240
2
}
241
242
#ifndef FIPS_MODULE
243
static void ossl_provider_child_cb_free(OSSL_PROVIDER_CHILD_CB *cb)
244
0
{
245
0
    OPENSSL_free(cb);
246
0
}
247
#endif
248
249
static void infopair_free(INFOPAIR *pair)
250
0
{
251
0
    OPENSSL_free(pair->name);
252
0
    OPENSSL_free(pair->value);
253
0
    OPENSSL_free(pair);
254
0
}
255
256
static INFOPAIR *infopair_copy(const INFOPAIR *src)
257
0
{
258
0
    INFOPAIR *dest = OPENSSL_zalloc(sizeof(*dest));
259
260
0
    if (dest == NULL)
261
0
        return NULL;
262
0
    if (src->name != NULL) {
263
0
        dest->name = OPENSSL_strdup(src->name);
264
0
        if (dest->name == NULL)
265
0
            goto err;
266
0
    }
267
0
    if (src->value != NULL) {
268
0
        dest->value = OPENSSL_strdup(src->value);
269
0
        if (dest->value == NULL)
270
0
            goto err;
271
0
    }
272
0
    return dest;
273
0
 err:
274
0
    OPENSSL_free(dest->name);
275
0
    OPENSSL_free(dest);
276
0
    return NULL;
277
0
}
278
279
void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info)
280
0
{
281
0
    OPENSSL_free(info->name);
282
0
    OPENSSL_free(info->path);
283
0
    sk_INFOPAIR_pop_free(info->parameters, infopair_free);
284
0
}
285
286
void ossl_provider_store_free(void *vstore)
287
4
{
288
4
    struct provider_store_st *store = vstore;
289
4
    size_t i;
290
291
4
    if (store == NULL)
292
0
        return;
293
4
    store->freeing = 1;
294
4
    OPENSSL_free(store->default_path);
295
4
    sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free);
296
4
#ifndef FIPS_MODULE
297
4
    sk_OSSL_PROVIDER_CHILD_CB_pop_free(store->child_cbs,
298
4
                                       ossl_provider_child_cb_free);
299
4
#endif
300
4
    CRYPTO_THREAD_lock_free(store->default_path_lock);
301
4
    CRYPTO_THREAD_lock_free(store->lock);
302
4
    for (i = 0; i < store->numprovinfo; i++)
303
0
        ossl_provider_info_clear(&store->provinfo[i]);
304
4
    OPENSSL_free(store->provinfo);
305
4
    OPENSSL_free(store);
306
4
}
307
308
void *ossl_provider_store_new(OSSL_LIB_CTX *ctx)
309
4
{
310
4
    struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store));
311
312
4
    if (store == NULL
313
4
        || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL
314
4
        || (store->default_path_lock = CRYPTO_THREAD_lock_new()) == NULL
315
4
#ifndef FIPS_MODULE
316
4
        || (store->child_cbs = sk_OSSL_PROVIDER_CHILD_CB_new_null()) == NULL
317
4
#endif
318
4
        || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) {
319
0
        ossl_provider_store_free(store);
320
0
        return NULL;
321
0
    }
322
4
    store->libctx = ctx;
323
4
    store->use_fallbacks = 1;
324
325
4
    return store;
326
4
}
327
328
static struct provider_store_st *get_provider_store(OSSL_LIB_CTX *libctx)
329
3.10k
{
330
3.10k
    struct provider_store_st *store = NULL;
331
332
3.10k
    store = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_STORE_INDEX);
333
3.10k
    if (store == NULL)
334
3.10k
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
335
3.10k
    return store;
336
3.10k
}
337
338
int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx)
339
0
{
340
0
    struct provider_store_st *store;
341
342
0
    if ((store = get_provider_store(libctx)) != NULL) {
343
0
        if (!CRYPTO_THREAD_write_lock(store->lock))
344
0
            return 0;
345
0
        store->use_fallbacks = 0;
346
0
        CRYPTO_THREAD_unlock(store->lock);
347
0
        return 1;
348
0
    }
349
0
    return 0;
350
0
}
351
352
0
#define BUILTINS_BLOCK_SIZE     10
353
354
int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
355
                                    OSSL_PROVIDER_INFO *entry)
356
0
{
357
0
    struct provider_store_st *store = get_provider_store(libctx);
358
0
    int ret = 0;
359
360
0
    if (entry->name == NULL) {
361
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
362
0
        return 0;
363
0
    }
364
365
0
    if (store == NULL) {
366
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
367
0
        return 0;
368
0
    }
369
370
0
    if (!CRYPTO_THREAD_write_lock(store->lock))
371
0
        return 0;
372
0
    if (store->provinfosz == 0) {
373
0
        store->provinfo = OPENSSL_zalloc(sizeof(*store->provinfo)
374
0
                                         * BUILTINS_BLOCK_SIZE);
375
0
        if (store->provinfo == NULL)
376
0
            goto err;
377
0
        store->provinfosz = BUILTINS_BLOCK_SIZE;
378
0
    } else if (store->numprovinfo == store->provinfosz) {
379
0
        OSSL_PROVIDER_INFO *tmpbuiltins;
380
0
        size_t newsz = store->provinfosz + BUILTINS_BLOCK_SIZE;
381
382
0
        tmpbuiltins = OPENSSL_realloc(store->provinfo,
383
0
                                      sizeof(*store->provinfo) * newsz);
384
0
        if (tmpbuiltins == NULL)
385
0
            goto err;
386
0
        store->provinfo = tmpbuiltins;
387
0
        store->provinfosz = newsz;
388
0
    }
389
0
    store->provinfo[store->numprovinfo] = *entry;
390
0
    store->numprovinfo++;
391
392
0
    ret = 1;
393
0
 err:
394
0
    CRYPTO_THREAD_unlock(store->lock);
395
0
    return ret;
396
0
}
397
398
OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
399
                                  ossl_unused int noconfig)
400
0
{
401
0
    struct provider_store_st *store = NULL;
402
0
    OSSL_PROVIDER *prov = NULL;
403
404
0
    if ((store = get_provider_store(libctx)) != NULL) {
405
0
        OSSL_PROVIDER tmpl = { 0, };
406
0
        int i;
407
408
0
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
409
        /*
410
         * Make sure any providers are loaded from config before we try to find
411
         * them.
412
         */
413
0
        if (!noconfig) {
414
0
            if (ossl_lib_ctx_is_default(libctx))
415
0
                OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
416
0
        }
417
0
#endif
418
419
0
        tmpl.name = (char *)name;
420
0
        if (!CRYPTO_THREAD_write_lock(store->lock))
421
0
            return NULL;
422
0
        sk_OSSL_PROVIDER_sort(store->providers);
423
0
        if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1)
424
0
            prov = sk_OSSL_PROVIDER_value(store->providers, i);
425
0
        CRYPTO_THREAD_unlock(store->lock);
426
0
        if (prov != NULL && !ossl_provider_up_ref(prov))
427
0
            prov = NULL;
428
0
    }
429
430
0
    return prov;
431
0
}
432
433
/*-
434
 * Provider Object methods
435
 * =======================
436
 */
437
438
static OSSL_PROVIDER *provider_new(const char *name,
439
                                   OSSL_provider_init_fn *init_function,
440
                                   STACK_OF(INFOPAIR) *parameters)
441
2
{
442
2
    OSSL_PROVIDER *prov = NULL;
443
444
2
    if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL)
445
0
        return NULL;
446
2
    if (!CRYPTO_NEW_REF(&prov->refcnt, 1)) {
447
0
        OPENSSL_free(prov);
448
0
        return NULL;
449
0
    }
450
2
    if ((prov->activatecnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
451
0
        ossl_provider_free(prov);
452
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB);
453
0
        return NULL;
454
0
    }
455
456
2
    if ((prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL
457
2
        || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL
458
2
        || (prov->parameters = sk_INFOPAIR_deep_copy(parameters,
459
2
                                                     infopair_copy,
460
2
                                                     infopair_free)) == NULL) {
461
0
        ossl_provider_free(prov);
462
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB);
463
0
        return NULL;
464
0
    }
465
2
    if ((prov->name = OPENSSL_strdup(name)) == NULL) {
466
0
        ossl_provider_free(prov);
467
0
        return NULL;
468
0
    }
469
470
2
    prov->init_function = init_function;
471
472
2
    return prov;
473
2
}
474
475
int ossl_provider_up_ref(OSSL_PROVIDER *prov)
476
508
{
477
508
    int ref = 0;
478
479
508
    if (CRYPTO_UP_REF(&prov->refcnt, &ref) <= 0)
480
0
        return 0;
481
482
508
#ifndef FIPS_MODULE
483
508
    if (prov->ischild) {
484
0
        if (!ossl_provider_up_ref_parent(prov, 0)) {
485
0
            ossl_provider_free(prov);
486
0
            return 0;
487
0
        }
488
0
    }
489
508
#endif
490
491
508
    return ref;
492
508
}
493
494
#ifndef FIPS_MODULE
495
static int provider_up_ref_intern(OSSL_PROVIDER *prov, int activate)
496
0
{
497
0
    if (activate)
498
0
        return ossl_provider_activate(prov, 1, 0);
499
500
0
    return ossl_provider_up_ref(prov);
501
0
}
502
503
static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate)
504
0
{
505
0
    if (deactivate)
506
0
        return ossl_provider_deactivate(prov, 1);
507
508
0
    ossl_provider_free(prov);
509
0
    return 1;
510
0
}
511
#endif
512
513
/*
514
 * We assume that the requested provider does not already exist in the store.
515
 * The caller should check. If it does exist then adding it to the store later
516
 * will fail.
517
 */
518
OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
519
                                 OSSL_provider_init_fn *init_function,
520
                                 OSSL_PARAM *params, int noconfig)
521
0
{
522
0
    struct provider_store_st *store = NULL;
523
0
    OSSL_PROVIDER_INFO template;
524
0
    OSSL_PROVIDER *prov = NULL;
525
526
0
    if ((store = get_provider_store(libctx)) == NULL)
527
0
        return NULL;
528
529
0
    memset(&template, 0, sizeof(template));
530
0
    if (init_function == NULL) {
531
0
        const OSSL_PROVIDER_INFO *p;
532
0
        size_t i;
533
534
        /* Check if this is a predefined builtin provider */
535
0
        for (p = ossl_predefined_providers; p->name != NULL; p++) {
536
0
            if (strcmp(p->name, name) == 0) {
537
0
                template = *p;
538
0
                break;
539
0
            }
540
0
        }
541
0
        if (p->name == NULL) {
542
            /* Check if this is a user added provider */
543
0
            if (!CRYPTO_THREAD_read_lock(store->lock))
544
0
                return NULL;
545
0
            for (i = 0, p = store->provinfo; i < store->numprovinfo; p++, i++) {
546
0
                if (strcmp(p->name, name) == 0) {
547
0
                    template = *p;
548
0
                    break;
549
0
                }
550
0
            }
551
0
            CRYPTO_THREAD_unlock(store->lock);
552
0
        }
553
0
    } else {
554
0
        template.init = init_function;
555
0
    }
556
557
0
    if (params != NULL) {
558
0
        int i;
559
560
0
        template.parameters = sk_INFOPAIR_new_null();
561
0
        if (template.parameters == NULL)
562
0
            return NULL;
563
564
0
        for (i = 0; params[i].key != NULL; i++) {
565
0
            if (params[i].data_type != OSSL_PARAM_UTF8_STRING)
566
0
                continue;
567
0
            if (ossl_provider_info_add_parameter(&template, params[i].key,
568
0
                                                 (char *)params[i].data) <= 0) {
569
0
                sk_INFOPAIR_pop_free(template.parameters, infopair_free);
570
0
                return NULL;
571
0
            }
572
0
        }
573
0
    }
574
575
    /* provider_new() generates an error, so no need here */
576
0
    prov = provider_new(name, template.init, template.parameters);
577
578
0
    if (params != NULL) /* We copied the parameters, let's free them */
579
0
        sk_INFOPAIR_pop_free(template.parameters, infopair_free);
580
581
0
    if (prov == NULL)
582
0
        return NULL;
583
584
0
    if (!ossl_provider_set_module_path(prov, template.path)) {
585
0
        ossl_provider_free(prov);
586
0
        return NULL;
587
0
    }
588
589
0
    prov->libctx = libctx;
590
0
#ifndef FIPS_MODULE
591
0
    prov->error_lib = ERR_get_next_error_library();
592
0
#endif
593
594
    /*
595
     * At this point, the provider is only partially "loaded".  To be
596
     * fully "loaded", ossl_provider_activate() must also be called and it must
597
     * then be added to the provider store.
598
     */
599
600
0
    return prov;
601
0
}
602
603
/* Assumes that the store lock is held */
604
static int create_provider_children(OSSL_PROVIDER *prov)
605
0
{
606
0
    int ret = 1;
607
0
#ifndef FIPS_MODULE
608
0
    struct provider_store_st *store = prov->store;
609
0
    OSSL_PROVIDER_CHILD_CB *child_cb;
610
0
    int i, max;
611
612
0
    max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
613
0
    for (i = 0; i < max; i++) {
614
        /*
615
         * This is newly activated (activatecnt == 1), so we need to
616
         * create child providers as necessary.
617
         */
618
0
        child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
619
0
        ret &= child_cb->create_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata);
620
0
    }
621
0
#endif
622
623
0
    return ret;
624
0
}
625
626
int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
627
                               int retain_fallbacks)
628
0
{
629
0
    struct provider_store_st *store;
630
0
    int idx;
631
0
    OSSL_PROVIDER tmpl = { 0, };
632
0
    OSSL_PROVIDER *actualtmp = NULL;
633
634
0
    if (actualprov != NULL)
635
0
        *actualprov = NULL;
636
637
0
    if ((store = get_provider_store(prov->libctx)) == NULL)
638
0
        return 0;
639
640
0
    if (!CRYPTO_THREAD_write_lock(store->lock))
641
0
        return 0;
642
643
0
    tmpl.name = (char *)prov->name;
644
0
    idx = sk_OSSL_PROVIDER_find(store->providers, &tmpl);
645
0
    if (idx == -1)
646
0
        actualtmp = prov;
647
0
    else
648
0
        actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx);
649
650
0
    if (idx == -1) {
651
0
        if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0)
652
0
            goto err;
653
0
        prov->store = store;
654
0
        if (!create_provider_children(prov)) {
655
0
            sk_OSSL_PROVIDER_delete_ptr(store->providers, prov);
656
0
            goto err;
657
0
        }
658
0
        if (!retain_fallbacks)
659
0
            store->use_fallbacks = 0;
660
0
    }
661
662
0
    CRYPTO_THREAD_unlock(store->lock);
663
664
0
    if (actualprov != NULL) {
665
0
        if (!ossl_provider_up_ref(actualtmp)) {
666
0
            ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB);
667
0
            actualtmp = NULL;
668
0
            return 0;
669
0
        }
670
0
        *actualprov = actualtmp;
671
0
    }
672
673
0
    if (idx >= 0) {
674
        /*
675
         * The provider is already in the store. Probably two threads
676
         * independently initialised their own provider objects with the same
677
         * name and raced to put them in the store. This thread lost. We
678
         * deactivate the one we just created and use the one that already
679
         * exists instead.
680
         * If we get here then we know we did not create provider children
681
         * above, so we inform ossl_provider_deactivate not to attempt to remove
682
         * any.
683
         */
684
0
        ossl_provider_deactivate(prov, 0);
685
0
        ossl_provider_free(prov);
686
0
    }
687
0
#ifndef FIPS_MODULE
688
0
    else {
689
        /*
690
         * This can be done outside the lock. We tolerate other threads getting
691
         * the wrong result briefly when creating OSSL_DECODER_CTXs.
692
         */
693
0
        ossl_decoder_cache_flush(prov->libctx);
694
0
    }
695
0
#endif
696
697
0
    return 1;
698
699
0
 err:
700
0
    CRYPTO_THREAD_unlock(store->lock);
701
0
    return 0;
702
0
}
703
704
void ossl_provider_free(OSSL_PROVIDER *prov)
705
510
{
706
510
    if (prov != NULL) {
707
510
        int ref = 0;
708
709
510
        CRYPTO_DOWN_REF(&prov->refcnt, &ref);
710
711
        /*
712
         * When the refcount drops to zero, we clean up the provider.
713
         * Note that this also does teardown, which may seem late,
714
         * considering that init happens on first activation.  However,
715
         * there may be other structures hanging on to the provider after
716
         * the last deactivation and may therefore need full access to the
717
         * provider's services.  Therefore, we deinit late.
718
         */
719
510
        if (ref == 0) {
720
2
            if (prov->flag_initialized) {
721
2
                ossl_provider_teardown(prov);
722
2
#ifndef OPENSSL_NO_ERR
723
2
# ifndef FIPS_MODULE
724
2
                if (prov->error_strings != NULL) {
725
0
                    ERR_unload_strings(prov->error_lib, prov->error_strings);
726
0
                    OPENSSL_free(prov->error_strings);
727
0
                    prov->error_strings = NULL;
728
0
                }
729
2
# endif
730
2
#endif
731
2
                OPENSSL_free(prov->operation_bits);
732
2
                prov->operation_bits = NULL;
733
2
                prov->operation_bits_sz = 0;
734
2
                prov->flag_initialized = 0;
735
2
            }
736
737
2
#ifndef FIPS_MODULE
738
            /*
739
             * We deregister thread handling whether or not the provider was
740
             * initialized. If init was attempted but was not successful then
741
             * the provider may still have registered a thread handler.
742
             */
743
2
            ossl_init_thread_deregister(prov);
744
2
            DSO_free(prov->module);
745
2
#endif
746
2
            OPENSSL_free(prov->name);
747
2
            OPENSSL_free(prov->path);
748
2
            sk_INFOPAIR_pop_free(prov->parameters, infopair_free);
749
2
            CRYPTO_THREAD_lock_free(prov->opbits_lock);
750
2
            CRYPTO_THREAD_lock_free(prov->flag_lock);
751
2
            CRYPTO_THREAD_lock_free(prov->activatecnt_lock);
752
2
            CRYPTO_FREE_REF(&prov->refcnt);
753
2
            OPENSSL_free(prov);
754
2
        }
755
508
#ifndef FIPS_MODULE
756
508
        else if (prov->ischild) {
757
0
            ossl_provider_free_parent(prov, 0);
758
0
        }
759
510
#endif
760
510
    }
761
510
}
762
763
/* Setters */
764
int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
765
0
{
766
0
    OPENSSL_free(prov->path);
767
0
    prov->path = NULL;
768
0
    if (module_path == NULL)
769
0
        return 1;
770
0
    if ((prov->path = OPENSSL_strdup(module_path)) != NULL)
771
0
        return 1;
772
0
    return 0;
773
0
}
774
775
static int infopair_add(STACK_OF(INFOPAIR) **infopairsk, const char *name,
776
                        const char *value)
777
0
{
778
0
    INFOPAIR *pair = NULL;
779
780
0
    if ((pair = OPENSSL_zalloc(sizeof(*pair))) == NULL
781
0
        || (pair->name = OPENSSL_strdup(name)) == NULL
782
0
        || (pair->value = OPENSSL_strdup(value)) == NULL)
783
0
        goto err;
784
785
0
    if ((*infopairsk == NULL
786
0
         && (*infopairsk = sk_INFOPAIR_new_null()) == NULL)
787
0
        || sk_INFOPAIR_push(*infopairsk, pair) <= 0) {
788
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB);
789
0
        goto err;
790
0
    }
791
792
0
    return 1;
793
794
0
 err:
795
0
    if (pair != NULL) {
796
0
        OPENSSL_free(pair->name);
797
0
        OPENSSL_free(pair->value);
798
0
        OPENSSL_free(pair);
799
0
    }
800
0
    return 0;
801
0
}
802
803
int ossl_provider_add_parameter(OSSL_PROVIDER *prov,
804
                                const char *name, const char *value)
805
0
{
806
0
    return infopair_add(&prov->parameters, name, value);
807
0
}
808
809
int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo,
810
                                     const char *name,
811
                                     const char *value)
812
0
{
813
0
    return infopair_add(&provinfo->parameters, name, value);
814
0
}
815
816
/*
817
 * Provider activation.
818
 *
819
 * What "activation" means depends on the provider form; for built in
820
 * providers (in the library or the application alike), the provider
821
 * can already be considered to be loaded, all that's needed is to
822
 * initialize it.  However, for dynamically loadable provider modules,
823
 * we must first load that module.
824
 *
825
 * Built in modules are distinguished from dynamically loaded modules
826
 * with an already assigned init function.
827
 */
828
static const OSSL_DISPATCH *core_dispatch; /* Define further down */
829
830
int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
831
                                          const char *path)
832
0
{
833
0
    struct provider_store_st *store;
834
0
    char *p = NULL;
835
836
0
    if (path != NULL) {
837
0
        p = OPENSSL_strdup(path);
838
0
        if (p == NULL)
839
0
            return 0;
840
0
    }
841
0
    if ((store = get_provider_store(libctx)) != NULL
842
0
            && CRYPTO_THREAD_write_lock(store->default_path_lock)) {
843
0
        OPENSSL_free(store->default_path);
844
0
        store->default_path = p;
845
0
        CRYPTO_THREAD_unlock(store->default_path_lock);
846
0
        return 1;
847
0
    }
848
0
    OPENSSL_free(p);
849
0
    return 0;
850
0
}
851
852
const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx)
853
0
{
854
0
    struct provider_store_st *store;
855
0
    char *path = NULL;
856
857
0
    if ((store = get_provider_store(libctx)) != NULL
858
0
            && CRYPTO_THREAD_read_lock(store->default_path_lock)) {
859
0
        path = store->default_path;
860
0
        CRYPTO_THREAD_unlock(store->default_path_lock);
861
0
    }
862
0
    return path;
863
0
}
864
865
/*
866
 * Internal version that doesn't affect the store flags, and thereby avoid
867
 * locking.  Direct callers must remember to set the store flags when
868
 * appropriate.
869
 */
870
static int provider_init(OSSL_PROVIDER *prov)
871
2
{
872
2
    const OSSL_DISPATCH *provider_dispatch = NULL;
873
2
    void *tmp_provctx = NULL;    /* safety measure */
874
2
#ifndef OPENSSL_NO_ERR
875
2
# ifndef FIPS_MODULE
876
2
    OSSL_FUNC_provider_get_reason_strings_fn *p_get_reason_strings = NULL;
877
2
# endif
878
2
#endif
879
2
    int ok = 0;
880
881
2
    if (!ossl_assert(!prov->flag_initialized)) {
882
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
883
0
        goto end;
884
0
    }
885
886
    /*
887
     * If the init function isn't set, it indicates that this provider is
888
     * a loadable module.
889
     */
890
2
    if (prov->init_function == NULL) {
891
#ifdef FIPS_MODULE
892
        goto end;
893
#else
894
0
        if (prov->module == NULL) {
895
0
            char *allocated_path = NULL;
896
0
            const char *module_path = NULL;
897
0
            char *merged_path = NULL;
898
0
            const char *load_dir = NULL;
899
0
            char *allocated_load_dir = NULL;
900
0
            struct provider_store_st *store;
901
902
0
            if ((prov->module = DSO_new()) == NULL) {
903
                /* DSO_new() generates an error already */
904
0
                goto end;
905
0
            }
906
907
0
            if ((store = get_provider_store(prov->libctx)) == NULL
908
0
                    || !CRYPTO_THREAD_read_lock(store->default_path_lock))
909
0
                goto end;
910
911
0
            if (store->default_path != NULL) {
912
0
                allocated_load_dir = OPENSSL_strdup(store->default_path);
913
0
                CRYPTO_THREAD_unlock(store->default_path_lock);
914
0
                if (allocated_load_dir == NULL)
915
0
                    goto end;
916
0
                load_dir = allocated_load_dir;
917
0
            } else {
918
0
                CRYPTO_THREAD_unlock(store->default_path_lock);
919
0
            }
920
921
0
            if (load_dir == NULL) {
922
0
                load_dir = ossl_safe_getenv("OPENSSL_MODULES");
923
0
                if (load_dir == NULL)
924
0
                    load_dir = ossl_get_modulesdir();
925
0
            }
926
927
0
            DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS,
928
0
                     DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
929
930
0
            module_path = prov->path;
931
0
            if (module_path == NULL)
932
0
                module_path = allocated_path =
933
0
                    DSO_convert_filename(prov->module, prov->name);
934
0
            if (module_path != NULL)
935
0
                merged_path = DSO_merge(prov->module, module_path, load_dir);
936
937
0
            if (merged_path == NULL
938
0
                || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) {
939
0
                DSO_free(prov->module);
940
0
                prov->module = NULL;
941
0
            }
942
943
0
            OPENSSL_free(merged_path);
944
0
            OPENSSL_free(allocated_path);
945
0
            OPENSSL_free(allocated_load_dir);
946
0
        }
947
948
0
        if (prov->module == NULL) {
949
            /* DSO has already recorded errors, this is just a tracepoint */
950
0
            ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB,
951
0
                           "name=%s", prov->name);
952
0
            goto end;
953
0
        }
954
955
0
        prov->init_function = (OSSL_provider_init_fn *)
956
0
            DSO_bind_func(prov->module, "OSSL_provider_init");
957
0
#endif
958
0
    }
959
960
    /* Check for and call the initialise function for the provider. */
961
2
    if (prov->init_function == NULL) {
962
0
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
963
0
                       "name=%s, provider has no provider init function",
964
0
                       prov->name);
965
0
        goto end;
966
0
    }
967
2
#ifndef FIPS_MODULE
968
2
    OSSL_TRACE_BEGIN(PROVIDER) {
969
0
        BIO_printf(trc_out,
970
0
                   "(provider %s) initalizing\n", prov->name);
971
2
    } OSSL_TRACE_END(PROVIDER);
972
2
#endif
973
974
2
    if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch,
975
2
                             &provider_dispatch, &tmp_provctx)) {
976
0
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL,
977
0
                       "name=%s", prov->name);
978
0
        goto end;
979
0
    }
980
2
    prov->provctx = tmp_provctx;
981
2
    prov->dispatch = provider_dispatch;
982
983
2
    if (provider_dispatch != NULL) {
984
12
        for (; provider_dispatch->function_id != 0; provider_dispatch++) {
985
10
            switch (provider_dispatch->function_id) {
986
2
            case OSSL_FUNC_PROVIDER_TEARDOWN:
987
2
                prov->teardown =
988
2
                    OSSL_FUNC_provider_teardown(provider_dispatch);
989
2
                break;
990
2
            case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
991
2
                prov->gettable_params =
992
2
                    OSSL_FUNC_provider_gettable_params(provider_dispatch);
993
2
                break;
994
2
            case OSSL_FUNC_PROVIDER_GET_PARAMS:
995
2
                prov->get_params =
996
2
                    OSSL_FUNC_provider_get_params(provider_dispatch);
997
2
                break;
998
0
            case OSSL_FUNC_PROVIDER_SELF_TEST:
999
0
                prov->self_test =
1000
0
                    OSSL_FUNC_provider_self_test(provider_dispatch);
1001
0
                break;
1002
2
            case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
1003
2
                prov->get_capabilities =
1004
2
                    OSSL_FUNC_provider_get_capabilities(provider_dispatch);
1005
2
                break;
1006
2
            case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
1007
2
                prov->query_operation =
1008
2
                    OSSL_FUNC_provider_query_operation(provider_dispatch);
1009
2
                break;
1010
0
            case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
1011
0
                prov->unquery_operation =
1012
0
                    OSSL_FUNC_provider_unquery_operation(provider_dispatch);
1013
0
                break;
1014
0
#ifndef OPENSSL_NO_ERR
1015
0
# ifndef FIPS_MODULE
1016
0
            case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
1017
0
                p_get_reason_strings =
1018
0
                    OSSL_FUNC_provider_get_reason_strings(provider_dispatch);
1019
0
                break;
1020
10
# endif
1021
10
#endif
1022
10
            }
1023
10
        }
1024
2
    }
1025
1026
2
#ifndef OPENSSL_NO_ERR
1027
2
# ifndef FIPS_MODULE
1028
2
    if (p_get_reason_strings != NULL) {
1029
0
        const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx);
1030
0
        size_t cnt, cnt2;
1031
1032
        /*
1033
         * ERR_load_strings() handles ERR_STRING_DATA rather than OSSL_ITEM,
1034
         * although they are essentially the same type.
1035
         * Furthermore, ERR_load_strings() patches the array's error number
1036
         * with the error library number, so we need to make a copy of that
1037
         * array either way.
1038
         */
1039
0
        cnt = 0;
1040
0
        while (reasonstrings[cnt].id != 0) {
1041
0
            if (ERR_GET_LIB(reasonstrings[cnt].id) != 0)
1042
0
                goto end;
1043
0
            cnt++;
1044
0
        }
1045
0
        cnt++;                   /* One for the terminating item */
1046
1047
        /* Allocate one extra item for the "library" name */
1048
0
        prov->error_strings =
1049
0
            OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1));
1050
0
        if (prov->error_strings == NULL)
1051
0
            goto end;
1052
1053
        /*
1054
         * Set the "library" name.
1055
         */
1056
0
        prov->error_strings[0].error = ERR_PACK(prov->error_lib, 0, 0);
1057
0
        prov->error_strings[0].string = prov->name;
1058
        /*
1059
         * Copy reasonstrings item 0..cnt-1 to prov->error_trings positions
1060
         * 1..cnt.
1061
         */
1062
0
        for (cnt2 = 1; cnt2 <= cnt; cnt2++) {
1063
0
            prov->error_strings[cnt2].error = (int)reasonstrings[cnt2-1].id;
1064
0
            prov->error_strings[cnt2].string = reasonstrings[cnt2-1].ptr;
1065
0
        }
1066
1067
0
        ERR_load_strings(prov->error_lib, prov->error_strings);
1068
0
    }
1069
2
# endif
1070
2
#endif
1071
1072
    /* With this flag set, this provider has become fully "loaded". */
1073
2
    prov->flag_initialized = 1;
1074
2
    ok = 1;
1075
1076
2
 end:
1077
2
    return ok;
1078
2
}
1079
1080
/*
1081
 * Deactivate a provider. If upcalls is 0 then we suppress any upcalls to a
1082
 * parent provider. If removechildren is 0 then we suppress any calls to remove
1083
 * child providers.
1084
 * Return -1 on failure and the activation count on success
1085
 */
1086
static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls,
1087
                               int removechildren)
1088
2
{
1089
2
    int count;
1090
2
    struct provider_store_st *store;
1091
2
#ifndef FIPS_MODULE
1092
2
    int freeparent = 0;
1093
2
#endif
1094
2
    int lock = 1;
1095
1096
2
    if (!ossl_assert(prov != NULL))
1097
0
        return -1;
1098
1099
    /*
1100
     * No need to lock if we've got no store because we've not been shared with
1101
     * other threads.
1102
     */
1103
2
    store = get_provider_store(prov->libctx);
1104
2
    if (store == NULL)
1105
0
        lock = 0;
1106
1107
2
    if (lock && !CRYPTO_THREAD_read_lock(store->lock))
1108
0
        return -1;
1109
2
    if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) {
1110
0
        CRYPTO_THREAD_unlock(store->lock);
1111
0
        return -1;
1112
0
    }
1113
1114
2
    CRYPTO_atomic_add(&prov->activatecnt, -1, &count, prov->activatecnt_lock);
1115
2
#ifndef FIPS_MODULE
1116
2
    if (count >= 1 && prov->ischild && upcalls) {
1117
        /*
1118
         * We have had a direct activation in this child libctx so we need to
1119
         * now down the ref count in the parent provider. We do the actual down
1120
         * ref outside of the flag_lock, since it could involve getting other
1121
         * locks.
1122
         */
1123
0
        freeparent = 1;
1124
0
    }
1125
2
#endif
1126
1127
2
    if (count < 1)
1128
2
        prov->flag_activated = 0;
1129
0
#ifndef FIPS_MODULE
1130
0
    else
1131
0
        removechildren = 0;
1132
2
#endif
1133
1134
2
#ifndef FIPS_MODULE
1135
2
    if (removechildren && store != NULL) {
1136
2
        int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
1137
2
        OSSL_PROVIDER_CHILD_CB *child_cb;
1138
1139
2
        for (i = 0; i < max; i++) {
1140
0
            child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
1141
0
            child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata);
1142
0
        }
1143
2
    }
1144
2
#endif
1145
2
    if (lock) {
1146
2
        CRYPTO_THREAD_unlock(prov->flag_lock);
1147
2
        CRYPTO_THREAD_unlock(store->lock);
1148
        /*
1149
         * This can be done outside the lock. We tolerate other threads getting
1150
         * the wrong result briefly when creating OSSL_DECODER_CTXs.
1151
         */
1152
2
#ifndef FIPS_MODULE
1153
2
        if (count < 1)
1154
2
            ossl_decoder_cache_flush(prov->libctx);
1155
2
#endif
1156
2
    }
1157
2
#ifndef FIPS_MODULE
1158
2
    if (freeparent)
1159
0
        ossl_provider_free_parent(prov, 1);
1160
2
#endif
1161
1162
    /* We don't deinit here, that's done in ossl_provider_free() */
1163
2
    return count;
1164
2
}
1165
1166
/*
1167
 * Activate a provider.
1168
 * Return -1 on failure and the activation count on success
1169
 */
1170
static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls)
1171
2
{
1172
2
    int count = -1;
1173
2
    struct provider_store_st *store;
1174
2
    int ret = 1;
1175
1176
2
    store = prov->store;
1177
    /*
1178
    * If the provider hasn't been added to the store, then we don't need
1179
    * any locks because we've not shared it with other threads.
1180
    */
1181
2
    if (store == NULL) {
1182
2
        lock = 0;
1183
2
        if (!provider_init(prov))
1184
0
            return -1;
1185
2
    }
1186
1187
2
#ifndef FIPS_MODULE
1188
2
    if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1))
1189
0
        return -1;
1190
2
#endif
1191
1192
2
    if (lock && !CRYPTO_THREAD_read_lock(store->lock)) {
1193
0
#ifndef FIPS_MODULE
1194
0
        if (prov->ischild && upcalls)
1195
0
            ossl_provider_free_parent(prov, 1);
1196
0
#endif
1197
0
        return -1;
1198
0
    }
1199
1200
2
    if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) {
1201
0
        CRYPTO_THREAD_unlock(store->lock);
1202
0
#ifndef FIPS_MODULE
1203
0
        if (prov->ischild && upcalls)
1204
0
            ossl_provider_free_parent(prov, 1);
1205
0
#endif
1206
0
        return -1;
1207
0
    }
1208
2
    if (CRYPTO_atomic_add(&prov->activatecnt, 1, &count, prov->activatecnt_lock)) {
1209
2
        prov->flag_activated = 1;
1210
1211
2
        if (count == 1 && store != NULL) {
1212
0
            ret = create_provider_children(prov);
1213
0
        }
1214
2
    }
1215
2
    if (lock) {
1216
0
        CRYPTO_THREAD_unlock(prov->flag_lock);
1217
0
        CRYPTO_THREAD_unlock(store->lock);
1218
        /*
1219
         * This can be done outside the lock. We tolerate other threads getting
1220
         * the wrong result briefly when creating OSSL_DECODER_CTXs.
1221
         */
1222
0
#ifndef FIPS_MODULE
1223
0
        if (count == 1)
1224
0
            ossl_decoder_cache_flush(prov->libctx);
1225
0
#endif
1226
0
    }
1227
1228
2
    if (!ret)
1229
0
        return -1;
1230
1231
2
    return count;
1232
2
}
1233
1234
static int provider_flush_store_cache(const OSSL_PROVIDER *prov)
1235
0
{
1236
0
    struct provider_store_st *store;
1237
0
    int freeing;
1238
1239
0
    if ((store = get_provider_store(prov->libctx)) == NULL)
1240
0
        return 0;
1241
1242
0
    if (!CRYPTO_THREAD_read_lock(store->lock))
1243
0
        return 0;
1244
0
    freeing = store->freeing;
1245
0
    CRYPTO_THREAD_unlock(store->lock);
1246
1247
0
    if (!freeing) {
1248
0
        int acc
1249
0
            = evp_method_store_cache_flush(prov->libctx)
1250
0
#ifndef FIPS_MODULE
1251
0
            + ossl_encoder_store_cache_flush(prov->libctx)
1252
0
            + ossl_decoder_store_cache_flush(prov->libctx)
1253
0
            + ossl_store_loader_store_cache_flush(prov->libctx)
1254
0
#endif
1255
0
            ;
1256
1257
0
#ifndef FIPS_MODULE
1258
0
        return acc == 4;
1259
#else
1260
        return acc == 1;
1261
#endif
1262
0
    }
1263
0
    return 1;
1264
0
}
1265
1266
static int provider_remove_store_methods(OSSL_PROVIDER *prov)
1267
2
{
1268
2
    struct provider_store_st *store;
1269
2
    int freeing;
1270
1271
2
    if ((store = get_provider_store(prov->libctx)) == NULL)
1272
0
        return 0;
1273
1274
2
    if (!CRYPTO_THREAD_read_lock(store->lock))
1275
0
        return 0;
1276
2
    freeing = store->freeing;
1277
2
    CRYPTO_THREAD_unlock(store->lock);
1278
1279
2
    if (!freeing) {
1280
0
        int acc;
1281
1282
0
        if (!CRYPTO_THREAD_write_lock(prov->opbits_lock))
1283
0
            return 0;
1284
0
        OPENSSL_free(prov->operation_bits);
1285
0
        prov->operation_bits = NULL;
1286
0
        prov->operation_bits_sz = 0;
1287
0
        CRYPTO_THREAD_unlock(prov->opbits_lock);
1288
1289
0
        acc = evp_method_store_remove_all_provided(prov)
1290
0
#ifndef FIPS_MODULE
1291
0
            + ossl_encoder_store_remove_all_provided(prov)
1292
0
            + ossl_decoder_store_remove_all_provided(prov)
1293
0
            + ossl_store_loader_store_remove_all_provided(prov)
1294
0
#endif
1295
0
            ;
1296
1297
0
#ifndef FIPS_MODULE
1298
0
        return acc == 4;
1299
#else
1300
        return acc == 1;
1301
#endif
1302
0
    }
1303
2
    return 1;
1304
2
}
1305
1306
int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild)
1307
0
{
1308
0
    int count;
1309
1310
0
    if (prov == NULL)
1311
0
        return 0;
1312
0
#ifndef FIPS_MODULE
1313
    /*
1314
     * If aschild is true, then we only actually do the activation if the
1315
     * provider is a child. If its not, this is still success.
1316
     */
1317
0
    if (aschild && !prov->ischild)
1318
0
        return 1;
1319
0
#endif
1320
0
    if ((count = provider_activate(prov, 1, upcalls)) > 0)
1321
0
        return count == 1 ? provider_flush_store_cache(prov) : 1;
1322
1323
0
    return 0;
1324
0
}
1325
1326
int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren)
1327
2
{
1328
2
    int count;
1329
1330
2
    if (prov == NULL
1331
2
            || (count = provider_deactivate(prov, 1, removechildren)) < 0)
1332
0
        return 0;
1333
2
    return count == 0 ? provider_remove_store_methods(prov) : 1;
1334
2
}
1335
1336
void *ossl_provider_ctx(const OSSL_PROVIDER *prov)
1337
1.02M
{
1338
1.02M
    return prov != NULL ? prov->provctx : NULL;
1339
1.02M
}
1340
1341
/*
1342
 * This function only does something once when store->use_fallbacks == 1,
1343
 * and then sets store->use_fallbacks = 0, so the second call and so on is
1344
 * effectively a no-op.
1345
 */
1346
static int provider_activate_fallbacks(struct provider_store_st *store)
1347
3.09k
{
1348
3.09k
    int use_fallbacks;
1349
3.09k
    int activated_fallback_count = 0;
1350
3.09k
    int ret = 0;
1351
3.09k
    const OSSL_PROVIDER_INFO *p;
1352
1353
3.09k
    if (!CRYPTO_THREAD_read_lock(store->lock))
1354
0
        return 0;
1355
3.09k
    use_fallbacks = store->use_fallbacks;
1356
3.09k
    CRYPTO_THREAD_unlock(store->lock);
1357
3.09k
    if (!use_fallbacks)
1358
3.09k
        return 1;
1359
1360
2
    if (!CRYPTO_THREAD_write_lock(store->lock))
1361
0
        return 0;
1362
    /* Check again, just in case another thread changed it */
1363
2
    use_fallbacks = store->use_fallbacks;
1364
2
    if (!use_fallbacks) {
1365
0
        CRYPTO_THREAD_unlock(store->lock);
1366
0
        return 1;
1367
0
    }
1368
1369
8
    for (p = ossl_predefined_providers; p->name != NULL; p++) {
1370
6
        OSSL_PROVIDER *prov = NULL;
1371
1372
6
        if (!p->is_fallback)
1373
4
            continue;
1374
        /*
1375
         * We use the internal constructor directly here,
1376
         * otherwise we get a call loop
1377
         */
1378
2
        prov = provider_new(p->name, p->init, NULL);
1379
2
        if (prov == NULL)
1380
0
            goto err;
1381
2
        prov->libctx = store->libctx;
1382
2
#ifndef FIPS_MODULE
1383
2
        prov->error_lib = ERR_get_next_error_library();
1384
2
#endif
1385
1386
        /*
1387
         * We are calling provider_activate while holding the store lock. This
1388
         * means the init function will be called while holding a lock. Normally
1389
         * we try to avoid calling a user callback while holding a lock.
1390
         * However, fallbacks are never third party providers so we accept this.
1391
         */
1392
2
        if (provider_activate(prov, 0, 0) < 0) {
1393
0
            ossl_provider_free(prov);
1394
0
            goto err;
1395
0
        }
1396
2
        prov->store = store;
1397
2
        if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) {
1398
0
            ossl_provider_free(prov);
1399
0
            goto err;
1400
0
        }
1401
2
        activated_fallback_count++;
1402
2
    }
1403
1404
2
    if (activated_fallback_count > 0) {
1405
2
        store->use_fallbacks = 0;
1406
2
        ret = 1;
1407
2
    }
1408
2
 err:
1409
2
    CRYPTO_THREAD_unlock(store->lock);
1410
2
    return ret;
1411
2
}
1412
1413
int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
1414
                                  int (*cb)(OSSL_PROVIDER *provider,
1415
                                            void *cbdata),
1416
                                  void *cbdata)
1417
3.09k
{
1418
3.09k
    int ret = 0, curr, max, ref = 0;
1419
3.09k
    struct provider_store_st *store = get_provider_store(ctx);
1420
3.09k
    STACK_OF(OSSL_PROVIDER) *provs = NULL;
1421
1422
3.09k
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
1423
    /*
1424
     * Make sure any providers are loaded from config before we try to use
1425
     * them.
1426
     */
1427
3.09k
    if (ossl_lib_ctx_is_default(ctx))
1428
3.09k
        OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
1429
3.09k
#endif
1430
1431
3.09k
    if (store == NULL)
1432
0
        return 1;
1433
3.09k
    if (!provider_activate_fallbacks(store))
1434
0
        return 0;
1435
1436
    /*
1437
     * Under lock, grab a copy of the provider list and up_ref each
1438
     * provider so that they don't disappear underneath us.
1439
     */
1440
3.09k
    if (!CRYPTO_THREAD_read_lock(store->lock))
1441
0
        return 0;
1442
3.09k
    provs = sk_OSSL_PROVIDER_dup(store->providers);
1443
3.09k
    if (provs == NULL) {
1444
0
        CRYPTO_THREAD_unlock(store->lock);
1445
0
        return 0;
1446
0
    }
1447
3.09k
    max = sk_OSSL_PROVIDER_num(provs);
1448
    /*
1449
     * We work backwards through the stack so that we can safely delete items
1450
     * as we go.
1451
     */
1452
6.19k
    for (curr = max - 1; curr >= 0; curr--) {
1453
3.09k
        OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
1454
1455
3.09k
        if (!CRYPTO_THREAD_read_lock(prov->flag_lock))
1456
0
            goto err_unlock;
1457
3.09k
        if (prov->flag_activated) {
1458
            /*
1459
             * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref
1460
             * to avoid upping the ref count on the parent provider, which we
1461
             * must not do while holding locks.
1462
             */
1463
3.09k
            if (CRYPTO_UP_REF(&prov->refcnt, &ref) <= 0) {
1464
0
                CRYPTO_THREAD_unlock(prov->flag_lock);
1465
0
                goto err_unlock;
1466
0
            }
1467
            /*
1468
             * It's already activated, but we up the activated count to ensure
1469
             * it remains activated until after we've called the user callback.
1470
             * In theory this could mean the parent provider goes inactive,
1471
             * whilst still activated in the child for a short period. That's ok.
1472
             */
1473
3.09k
            if (!CRYPTO_atomic_add(&prov->activatecnt, 1, &ref,
1474
3.09k
                                   prov->activatecnt_lock)) {
1475
0
                CRYPTO_DOWN_REF(&prov->refcnt, &ref);
1476
0
                CRYPTO_THREAD_unlock(prov->flag_lock);
1477
0
                goto err_unlock;
1478
0
            }
1479
3.09k
        } else {
1480
0
            sk_OSSL_PROVIDER_delete(provs, curr);
1481
0
            max--;
1482
0
        }
1483
3.09k
        CRYPTO_THREAD_unlock(prov->flag_lock);
1484
3.09k
    }
1485
3.09k
    CRYPTO_THREAD_unlock(store->lock);
1486
1487
    /*
1488
     * Now, we sweep through all providers not under lock
1489
     */
1490
6.19k
    for (curr = 0; curr < max; curr++) {
1491
3.09k
        OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
1492
1493
3.09k
        if (!cb(prov, cbdata)) {
1494
0
            curr = -1;
1495
0
            goto finish;
1496
0
        }
1497
3.09k
    }
1498
3.09k
    curr = -1;
1499
1500
3.09k
    ret = 1;
1501
3.09k
    goto finish;
1502
1503
0
 err_unlock:
1504
0
    CRYPTO_THREAD_unlock(store->lock);
1505
3.09k
 finish:
1506
    /*
1507
     * The pop_free call doesn't do what we want on an error condition. We
1508
     * either start from the first item in the stack, or part way through if
1509
     * we only processed some of the items.
1510
     */
1511
6.19k
    for (curr++; curr < max; curr++) {
1512
3.09k
        OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
1513
1514
3.09k
        if (!CRYPTO_atomic_add(&prov->activatecnt, -1, &ref,
1515
3.09k
                               prov->activatecnt_lock)) {
1516
0
            ret = 0;
1517
0
            continue;
1518
0
        }
1519
3.09k
        if (ref < 1) {
1520
            /*
1521
             * Looks like we need to deactivate properly. We could just have
1522
             * done this originally, but it involves taking a write lock so
1523
             * we avoid it. We up the count again and do a full deactivation
1524
             */
1525
0
            if (CRYPTO_atomic_add(&prov->activatecnt, 1, &ref,
1526
0
                                  prov->activatecnt_lock))
1527
0
                provider_deactivate(prov, 0, 1);
1528
0
            else
1529
0
                ret = 0;
1530
0
        }
1531
        /*
1532
         * As above where we did the up-ref, we don't call ossl_provider_free
1533
         * to avoid making upcalls. There should always be at least one ref
1534
         * to the provider in the store, so this should never drop to 0.
1535
         */
1536
3.09k
        if (!CRYPTO_DOWN_REF(&prov->refcnt, &ref)) {
1537
0
            ret = 0;
1538
0
            continue;
1539
0
        }
1540
        /*
1541
         * Not much we can do if this assert ever fails. So we don't use
1542
         * ossl_assert here.
1543
         */
1544
3.09k
        assert(ref > 0);
1545
3.09k
    }
1546
3.09k
    sk_OSSL_PROVIDER_free(provs);
1547
3.09k
    return ret;
1548
3.09k
}
1549
1550
int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name)
1551
0
{
1552
0
    OSSL_PROVIDER *prov = NULL;
1553
0
    int available = 0;
1554
0
    struct provider_store_st *store = get_provider_store(libctx);
1555
1556
0
    if (store == NULL || !provider_activate_fallbacks(store))
1557
0
        return 0;
1558
1559
0
    prov = ossl_provider_find(libctx, name, 0);
1560
0
    if (prov != NULL) {
1561
0
        if (!CRYPTO_THREAD_read_lock(prov->flag_lock))
1562
0
            return 0;
1563
0
        available = prov->flag_activated;
1564
0
        CRYPTO_THREAD_unlock(prov->flag_lock);
1565
0
        ossl_provider_free(prov);
1566
0
    }
1567
0
    return available;
1568
0
}
1569
1570
/* Getters of Provider Object data */
1571
const char *ossl_provider_name(const OSSL_PROVIDER *prov)
1572
0
{
1573
0
    return prov->name;
1574
0
}
1575
1576
const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov)
1577
0
{
1578
0
    return prov->module;
1579
0
}
1580
1581
const char *ossl_provider_module_name(const OSSL_PROVIDER *prov)
1582
0
{
1583
#ifdef FIPS_MODULE
1584
    return NULL;
1585
#else
1586
0
    return DSO_get_filename(prov->module);
1587
0
#endif
1588
0
}
1589
1590
const char *ossl_provider_module_path(const OSSL_PROVIDER *prov)
1591
0
{
1592
#ifdef FIPS_MODULE
1593
    return NULL;
1594
#else
1595
    /* FIXME: Ensure it's a full path */
1596
0
    return DSO_get_filename(prov->module);
1597
0
#endif
1598
0
}
1599
1600
void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov)
1601
0
{
1602
0
    if (prov != NULL)
1603
0
        return prov->provctx;
1604
1605
0
    return NULL;
1606
0
}
1607
1608
const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov)
1609
0
{
1610
0
    if (prov != NULL)
1611
0
        return prov->dispatch;
1612
1613
0
    return NULL;
1614
0
}
1615
1616
OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov)
1617
7.73k
{
1618
7.73k
    return prov != NULL ? prov->libctx : NULL;
1619
7.73k
}
1620
1621
/**
1622
 * @brief Tears down the given provider.
1623
 *
1624
 * This function calls the `teardown` callback of the given provider to release
1625
 * any resources associated with it. The teardown is skipped if the callback is
1626
 * not defined or, in non-FIPS builds, if the provider is a child.
1627
 *
1628
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1629
 *
1630
 * If tracing is enabled, a message is printed indicating that the teardown is
1631
 * being called.
1632
 */
1633
void ossl_provider_teardown(const OSSL_PROVIDER *prov)
1634
2
{
1635
2
    if (prov->teardown != NULL
1636
2
#ifndef FIPS_MODULE
1637
2
            && !prov->ischild
1638
2
#endif
1639
2
        ) {
1640
2
#ifndef FIPS_MODULE
1641
2
        OSSL_TRACE_BEGIN(PROVIDER) {
1642
0
            BIO_printf(trc_out, "(provider %s) calling teardown\n",
1643
0
                       ossl_provider_name(prov));
1644
2
        } OSSL_TRACE_END(PROVIDER);
1645
2
#endif
1646
2
        prov->teardown(prov->provctx);
1647
2
    }
1648
2
}
1649
1650
/**
1651
 * @brief Retrieves the parameters that can be obtained from a provider.
1652
 *
1653
 * This function calls the `gettable_params` callback of the given provider to
1654
 * get a list of parameters that can be retrieved.
1655
 *
1656
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1657
 *
1658
 * @return Pointer to an array of OSSL_PARAM structures that represent the
1659
 *         gettable parameters, or NULL if the callback is not defined.
1660
 *
1661
 * If tracing is enabled, the gettable parameters are printed for debugging.
1662
 */
1663
const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov)
1664
0
{
1665
0
    const OSSL_PARAM *ret = NULL;
1666
1667
0
    if (prov->gettable_params != NULL)
1668
0
        ret = prov->gettable_params(prov->provctx);
1669
1670
0
#ifndef FIPS_MODULE
1671
0
    OSSL_TRACE_BEGIN(PROVIDER) {
1672
0
        char *buf = NULL;
1673
1674
0
        BIO_printf(trc_out, "(provider %s) gettable params\n",
1675
0
                   ossl_provider_name(prov));
1676
0
        BIO_printf(trc_out, "Parameters:\n");
1677
0
        if (prov->gettable_params != NULL) {
1678
0
            if (!OSSL_PARAM_print_to_bio(ret, trc_out, 0))
1679
0
                BIO_printf(trc_out, "Failed to parse param values\n");
1680
0
            OPENSSL_free(buf);
1681
0
        } else {
1682
0
            BIO_printf(trc_out, "Provider doesn't implement gettable_params\n");
1683
0
        }
1684
0
    } OSSL_TRACE_END(PROVIDER);
1685
0
#endif
1686
1687
0
    return ret;
1688
0
}
1689
1690
/**
1691
 * @brief Retrieves parameters from a provider.
1692
 *
1693
 * This function calls the `get_params` callback of the given provider to
1694
 * retrieve its parameters. If the callback is defined, it is invoked with the
1695
 * provider context and the parameters array.
1696
 *
1697
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1698
 * @param params Array of OSSL_PARAM structures to store the retrieved parameters.
1699
 *
1700
 * @return 1 on success, 0 if the `get_params` callback is not defined or fails.
1701
 *
1702
 * If tracing is enabled, the retrieved parameters are printed for debugging.
1703
 */
1704
int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
1705
0
{
1706
0
    int ret;
1707
1708
0
    if (prov->get_params == NULL)
1709
0
        return 0;
1710
1711
0
    ret = prov->get_params(prov->provctx, params);
1712
0
#ifndef FIPS_MODULE
1713
0
    OSSL_TRACE_BEGIN(PROVIDER) {
1714
1715
0
        BIO_printf(trc_out,
1716
0
                   "(provider %s) calling get_params\n", prov->name);
1717
0
        if (ret == 1) {
1718
0
            BIO_printf(trc_out, "Parameters:\n");
1719
0
            if (!OSSL_PARAM_print_to_bio(params, trc_out, 1))
1720
0
                BIO_printf(trc_out, "Failed to parse param values\n");
1721
0
        } else {
1722
0
            BIO_printf(trc_out, "get_params call failed\n");
1723
0
        }
1724
0
    } OSSL_TRACE_END(PROVIDER);
1725
0
#endif
1726
0
    return ret;
1727
0
}
1728
1729
/**
1730
 * @brief Performs a self-test on the given provider.
1731
 *
1732
 * This function calls the `self_test` callback of the given provider to
1733
 * perform a self-test. If the callback is not defined, it assumes the test
1734
 * passed.
1735
 *
1736
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1737
 *
1738
 * @return 1 if the self-test passes or the callback is not defined, 0 on failure.
1739
 *
1740
 * If tracing is enabled, the result of the self-test is printed for debugging.
1741
 * If the test fails, the provider's store methods are removed.
1742
 */
1743
int ossl_provider_self_test(const OSSL_PROVIDER *prov)
1744
0
{
1745
0
    int ret = 1;
1746
1747
0
    if (prov->self_test != NULL)
1748
0
        ret = prov->self_test(prov->provctx);
1749
1750
0
#ifndef FIPS_MODULE
1751
0
    OSSL_TRACE_BEGIN(PROVIDER) {
1752
0
        if (prov->self_test != NULL) 
1753
0
            BIO_printf(trc_out,
1754
0
                       "(provider %s) Calling self_test, ret = %d\n",
1755
0
                       prov->name, ret);
1756
0
        else
1757
0
            BIO_printf(trc_out,
1758
0
                       "(provider %s) doesn't implement self_test\n",
1759
0
                       prov->name);
1760
0
    } OSSL_TRACE_END(PROVIDER);
1761
0
#endif
1762
0
    if (ret == 0)
1763
0
        (void)provider_remove_store_methods((OSSL_PROVIDER *)prov);
1764
0
    return ret;
1765
0
}
1766
1767
/**
1768
 * @brief Retrieves capabilities from the given provider.
1769
 *
1770
 * This function calls the `get_capabilities` callback of the specified provider
1771
 * to retrieve capabilities information. The callback is invoked with the
1772
 * provider context, capability name, a callback function, and an argument.
1773
 *
1774
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1775
 * @param capability String representing the capability to be retrieved.
1776
 * @param cb Callback function to process the capability data.
1777
 * @param arg Argument to be passed to the callback function.
1778
 *
1779
 * @return 1 if the capabilities are successfully retrieved or if the callback
1780
 *         is not defined, otherwise the value returned by `get_capabilities`.
1781
 *
1782
 * If tracing is enabled, a message is printed indicating the requested
1783
 * capabilities.
1784
 */
1785
int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
1786
                                   const char *capability,
1787
                                   OSSL_CALLBACK *cb,
1788
                                   void *arg)
1789
0
{
1790
0
    if (prov->get_capabilities != NULL) {
1791
0
#ifndef FIPS_MODULE
1792
0
        OSSL_TRACE_BEGIN(PROVIDER) {
1793
0
            BIO_printf(trc_out,
1794
0
                       "(provider %s) Calling get_capabilities "
1795
0
                       "with capabilities %s\n", prov->name,
1796
0
                       capability == NULL ? "none" : capability);
1797
0
        } OSSL_TRACE_END(PROVIDER);
1798
0
#endif
1799
0
        return prov->get_capabilities(prov->provctx, capability, cb, arg);
1800
0
    }
1801
0
    return 1;
1802
0
}
1803
1804
/**
1805
 * @brief Queries the provider for available algorithms for a given operation.
1806
 *
1807
 * This function calls the `query_operation` callback of the specified provider
1808
 * to obtain a list of algorithms that can perform the given operation. It may
1809
 * also set a flag indicating whether the result should be cached.
1810
 *
1811
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1812
 * @param operation_id Identifier of the operation to query.
1813
 * @param no_cache Pointer to an integer flag to indicate whether caching is allowed.
1814
 *
1815
 * @return Pointer to an array of OSSL_ALGORITHM structures representing the
1816
 *         available algorithms, or NULL if the callback is not defined or
1817
 *         there are no available algorithms.
1818
 *
1819
 * If tracing is enabled, the available algorithms and their properties are
1820
 * printed for debugging.
1821
 */
1822
const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
1823
                                                    int operation_id,
1824
                                                    int *no_cache)
1825
3.09k
{
1826
3.09k
    const OSSL_ALGORITHM *res;
1827
1828
3.09k
    if (prov->query_operation == NULL) {
1829
0
#ifndef FIPS_MODULE
1830
0
        OSSL_TRACE_BEGIN(PROVIDER) {
1831
0
            BIO_printf(trc_out, "provider %s lacks query operation!\n",
1832
0
                       prov->name);
1833
0
        } OSSL_TRACE_END(PROVIDER);
1834
0
#endif
1835
0
        return NULL;
1836
0
    }
1837
1838
3.09k
    res = prov->query_operation(prov->provctx, operation_id, no_cache);
1839
3.09k
#ifndef FIPS_MODULE
1840
3.09k
    OSSL_TRACE_BEGIN(PROVIDER) {
1841
0
        const OSSL_ALGORITHM *idx;
1842
0
        if (res != NULL) {
1843
0
            BIO_printf(trc_out,
1844
0
                       "(provider %s) Calling query, available algs are:\n", prov->name);
1845
1846
0
            for (idx = res; idx->algorithm_names != NULL; idx++) {
1847
0
                BIO_printf(trc_out,
1848
0
                           "(provider %s) names %s, prop_def %s, desc %s\n",
1849
0
                           prov->name,
1850
0
                           res->algorithm_names == NULL ? "none" :
1851
0
                           res->algorithm_names,
1852
0
                           res->property_definition == NULL ? "none" :
1853
0
                           res->property_definition,
1854
0
                           res->algorithm_description == NULL ? "none" :
1855
0
                           res->algorithm_description);
1856
0
            }
1857
0
        } else {
1858
0
            BIO_printf(trc_out, "(provider %s) query_operation failed\n", prov->name);
1859
0
        }
1860
3.09k
    } OSSL_TRACE_END(PROVIDER);
1861
3.09k
#endif
1862
1863
#if defined(OPENSSL_NO_CACHED_FETCH)
1864
    /* Forcing the non-caching of queries */
1865
    if (no_cache != NULL)
1866
        *no_cache = 1;
1867
#endif
1868
3.09k
    return res;
1869
3.09k
}
1870
1871
/**
1872
 * @brief Releases resources associated with a queried operation.
1873
 *
1874
 * This function calls the `unquery_operation` callback of the specified
1875
 * provider to release any resources related to a previously queried operation.
1876
 *
1877
 * @param prov Pointer to the OSSL_PROVIDER structure representing the provider.
1878
 * @param operation_id Identifier of the operation to unquery.
1879
 * @param algs Pointer to the OSSL_ALGORITHM structures representing the
1880
 *             algorithms associated with the operation.
1881
 *
1882
 * If tracing is enabled, a message is printed indicating that the operation
1883
 * is being unqueried.
1884
 */
1885
void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov,
1886
                                     int operation_id,
1887
                                     const OSSL_ALGORITHM *algs)
1888
3.09k
{
1889
3.09k
    if (prov->unquery_operation != NULL) {
1890
0
#ifndef FIPS_MODULE
1891
0
        OSSL_TRACE_BEGIN(PROVIDER) {
1892
0
            BIO_printf(trc_out,
1893
0
                       "(provider %s) Calling unquery"
1894
0
                       " with operation %d\n",
1895
0
                       prov->name,
1896
0
                       operation_id);
1897
0
        } OSSL_TRACE_END(PROVIDER);
1898
0
#endif
1899
0
        prov->unquery_operation(prov->provctx, operation_id, algs);
1900
0
    }
1901
3.09k
}
1902
1903
int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum)
1904
16
{
1905
16
    size_t byte = bitnum / 8;
1906
16
    unsigned char bit = (1 << (bitnum % 8)) & 0xFF;
1907
1908
16
    if (!CRYPTO_THREAD_write_lock(provider->opbits_lock))
1909
0
        return 0;
1910
16
    if (provider->operation_bits_sz <= byte) {
1911
4
        unsigned char *tmp = OPENSSL_realloc(provider->operation_bits,
1912
4
                                             byte + 1);
1913
1914
4
        if (tmp == NULL) {
1915
0
            CRYPTO_THREAD_unlock(provider->opbits_lock);
1916
0
            return 0;
1917
0
        }
1918
4
        provider->operation_bits = tmp;
1919
4
        memset(provider->operation_bits + provider->operation_bits_sz,
1920
4
               '\0', byte + 1 - provider->operation_bits_sz);
1921
4
        provider->operation_bits_sz = byte + 1;
1922
4
    }
1923
16
    provider->operation_bits[byte] |= bit;
1924
16
    CRYPTO_THREAD_unlock(provider->opbits_lock);
1925
16
    return 1;
1926
16
}
1927
1928
int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum,
1929
                                     int *result)
1930
3.09k
{
1931
3.09k
    size_t byte = bitnum / 8;
1932
3.09k
    unsigned char bit = (1 << (bitnum % 8)) & 0xFF;
1933
1934
3.09k
    if (!ossl_assert(result != NULL)) {
1935
0
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
1936
0
        return 0;
1937
0
    }
1938
1939
3.09k
    *result = 0;
1940
3.09k
    if (!CRYPTO_THREAD_read_lock(provider->opbits_lock))
1941
0
        return 0;
1942
3.09k
    if (provider->operation_bits_sz > byte)
1943
3.09k
        *result = ((provider->operation_bits[byte] & bit) != 0);
1944
3.09k
    CRYPTO_THREAD_unlock(provider->opbits_lock);
1945
3.09k
    return 1;
1946
3.09k
}
1947
1948
#ifndef FIPS_MODULE
1949
const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov)
1950
0
{
1951
0
    return prov->handle;
1952
0
}
1953
1954
int ossl_provider_is_child(const OSSL_PROVIDER *prov)
1955
0
{
1956
0
    return prov->ischild;
1957
0
}
1958
1959
int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle)
1960
0
{
1961
0
    prov->handle = handle;
1962
0
    prov->ischild = 1;
1963
1964
0
    return 1;
1965
0
}
1966
1967
int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props)
1968
0
{
1969
0
#ifndef FIPS_MODULE
1970
0
    struct provider_store_st *store = NULL;
1971
0
    int i, max;
1972
0
    OSSL_PROVIDER_CHILD_CB *child_cb;
1973
1974
0
    if ((store = get_provider_store(libctx)) == NULL)
1975
0
        return 0;
1976
1977
0
    if (!CRYPTO_THREAD_read_lock(store->lock))
1978
0
        return 0;
1979
1980
0
    max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
1981
0
    for (i = 0; i < max; i++) {
1982
0
        child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
1983
0
        child_cb->global_props_cb(props, child_cb->cbdata);
1984
0
    }
1985
1986
0
    CRYPTO_THREAD_unlock(store->lock);
1987
0
#endif
1988
0
    return 1;
1989
0
}
1990
1991
static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle,
1992
                                           int (*create_cb)(
1993
                                               const OSSL_CORE_HANDLE *provider,
1994
                                               void *cbdata),
1995
                                           int (*remove_cb)(
1996
                                               const OSSL_CORE_HANDLE *provider,
1997
                                               void *cbdata),
1998
                                           int (*global_props_cb)(
1999
                                               const char *props,
2000
                                               void *cbdata),
2001
                                           void *cbdata)
2002
0
{
2003
    /*
2004
     * This is really an OSSL_PROVIDER that we created and cast to
2005
     * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back.
2006
     */
2007
0
    OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle;
2008
0
    OSSL_PROVIDER *prov;
2009
0
    OSSL_LIB_CTX *libctx = thisprov->libctx;
2010
0
    struct provider_store_st *store = NULL;
2011
0
    int ret = 0, i, max;
2012
0
    OSSL_PROVIDER_CHILD_CB *child_cb;
2013
0
    char *propsstr = NULL;
2014
2015
0
    if ((store = get_provider_store(libctx)) == NULL)
2016
0
        return 0;
2017
2018
0
    child_cb = OPENSSL_malloc(sizeof(*child_cb));
2019
0
    if (child_cb == NULL)
2020
0
        return 0;
2021
0
    child_cb->prov = thisprov;
2022
0
    child_cb->create_cb = create_cb;
2023
0
    child_cb->remove_cb = remove_cb;
2024
0
    child_cb->global_props_cb = global_props_cb;
2025
0
    child_cb->cbdata = cbdata;
2026
2027
0
    if (!CRYPTO_THREAD_write_lock(store->lock)) {
2028
0
        OPENSSL_free(child_cb);
2029
0
        return 0;
2030
0
    }
2031
0
    propsstr = evp_get_global_properties_str(libctx, 0);
2032
2033
0
    if (propsstr != NULL) {
2034
0
        global_props_cb(propsstr, cbdata);
2035
0
        OPENSSL_free(propsstr);
2036
0
    }
2037
0
    max = sk_OSSL_PROVIDER_num(store->providers);
2038
0
    for (i = 0; i < max; i++) {
2039
0
        int activated;
2040
2041
0
        prov = sk_OSSL_PROVIDER_value(store->providers, i);
2042
2043
0
        if (!CRYPTO_THREAD_read_lock(prov->flag_lock))
2044
0
            break;
2045
0
        activated = prov->flag_activated;
2046
0
        CRYPTO_THREAD_unlock(prov->flag_lock);
2047
        /*
2048
         * We hold the store lock while calling the user callback. This means
2049
         * that the user callback must be short and simple and not do anything
2050
         * likely to cause a deadlock. We don't hold the flag_lock during this
2051
         * call. In theory this means that another thread could deactivate it
2052
         * while we are calling create. This is ok because the other thread
2053
         * will also call remove_cb, but won't be able to do so until we release
2054
         * the store lock.
2055
         */
2056
0
        if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata))
2057
0
            break;
2058
0
    }
2059
0
    if (i == max) {
2060
        /* Success */
2061
0
        ret = sk_OSSL_PROVIDER_CHILD_CB_push(store->child_cbs, child_cb);
2062
0
    }
2063
0
    if (i != max || ret <= 0) {
2064
        /* Failed during creation. Remove everything we just added */
2065
0
        for (; i >= 0; i--) {
2066
0
            prov = sk_OSSL_PROVIDER_value(store->providers, i);
2067
0
            remove_cb((OSSL_CORE_HANDLE *)prov, cbdata);
2068
0
        }
2069
0
        OPENSSL_free(child_cb);
2070
0
        ret = 0;
2071
0
    }
2072
0
    CRYPTO_THREAD_unlock(store->lock);
2073
2074
0
    return ret;
2075
0
}
2076
2077
static void ossl_provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle)
2078
0
{
2079
    /*
2080
     * This is really an OSSL_PROVIDER that we created and cast to
2081
     * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back.
2082
     */
2083
0
    OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle;
2084
0
    OSSL_LIB_CTX *libctx = thisprov->libctx;
2085
0
    struct provider_store_st *store = NULL;
2086
0
    int i, max;
2087
0
    OSSL_PROVIDER_CHILD_CB *child_cb;
2088
2089
0
    if ((store = get_provider_store(libctx)) == NULL)
2090
0
        return;
2091
2092
0
    if (!CRYPTO_THREAD_write_lock(store->lock))
2093
0
        return;
2094
0
    max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
2095
0
    for (i = 0; i < max; i++) {
2096
0
        child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
2097
0
        if (child_cb->prov == thisprov) {
2098
            /* Found an entry */
2099
0
            sk_OSSL_PROVIDER_CHILD_CB_delete(store->child_cbs, i);
2100
0
            OPENSSL_free(child_cb);
2101
0
            break;
2102
0
        }
2103
0
    }
2104
0
    CRYPTO_THREAD_unlock(store->lock);
2105
0
}
2106
#endif
2107
2108
/*-
2109
 * Core functions for the provider
2110
 * ===============================
2111
 *
2112
 * This is the set of functions that the core makes available to the provider
2113
 */
2114
2115
/*
2116
 * This returns a list of Provider Object parameters with their types, for
2117
 * discovery.  We do not expect that many providers will use this, but one
2118
 * never knows.
2119
 */
2120
static const OSSL_PARAM param_types[] = {
2121
    OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
2122
    OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR,
2123
                    NULL, 0),
2124
#ifndef FIPS_MODULE
2125
    OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR,
2126
                    NULL, 0),
2127
#endif
2128
    OSSL_PARAM_END
2129
};
2130
2131
/*
2132
 * Forward declare all the functions that are provided aa dispatch.
2133
 * This ensures that the compiler will complain if they aren't defined
2134
 * with the correct signature.
2135
 */
2136
static OSSL_FUNC_core_gettable_params_fn core_gettable_params;
2137
static OSSL_FUNC_core_get_params_fn core_get_params;
2138
static OSSL_FUNC_core_get_libctx_fn core_get_libctx;
2139
static OSSL_FUNC_core_thread_start_fn core_thread_start;
2140
#ifndef FIPS_MODULE
2141
static OSSL_FUNC_core_new_error_fn core_new_error;
2142
static OSSL_FUNC_core_set_error_debug_fn core_set_error_debug;
2143
static OSSL_FUNC_core_vset_error_fn core_vset_error;
2144
static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark;
2145
static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark;
2146
static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark;
2147
OSSL_FUNC_BIO_new_file_fn ossl_core_bio_new_file;
2148
OSSL_FUNC_BIO_new_membuf_fn ossl_core_bio_new_mem_buf;
2149
OSSL_FUNC_BIO_read_ex_fn ossl_core_bio_read_ex;
2150
OSSL_FUNC_BIO_write_ex_fn ossl_core_bio_write_ex;
2151
OSSL_FUNC_BIO_gets_fn ossl_core_bio_gets;
2152
OSSL_FUNC_BIO_puts_fn ossl_core_bio_puts;
2153
OSSL_FUNC_BIO_up_ref_fn ossl_core_bio_up_ref;
2154
OSSL_FUNC_BIO_free_fn ossl_core_bio_free;
2155
OSSL_FUNC_BIO_vprintf_fn ossl_core_bio_vprintf;
2156
OSSL_FUNC_BIO_vsnprintf_fn BIO_vsnprintf;
2157
static OSSL_FUNC_indicator_cb_fn core_indicator_get_callback;
2158
static OSSL_FUNC_self_test_cb_fn core_self_test_get_callback;
2159
static OSSL_FUNC_get_entropy_fn rand_get_entropy;
2160
static OSSL_FUNC_get_user_entropy_fn rand_get_user_entropy;
2161
static OSSL_FUNC_cleanup_entropy_fn rand_cleanup_entropy;
2162
static OSSL_FUNC_cleanup_user_entropy_fn rand_cleanup_user_entropy;
2163
static OSSL_FUNC_get_nonce_fn rand_get_nonce;
2164
static OSSL_FUNC_get_user_nonce_fn rand_get_user_nonce;
2165
static OSSL_FUNC_cleanup_nonce_fn rand_cleanup_nonce;
2166
static OSSL_FUNC_cleanup_user_nonce_fn rand_cleanup_user_nonce;
2167
#endif
2168
OSSL_FUNC_CRYPTO_malloc_fn CRYPTO_malloc;
2169
OSSL_FUNC_CRYPTO_zalloc_fn CRYPTO_zalloc;
2170
OSSL_FUNC_CRYPTO_free_fn CRYPTO_free;
2171
OSSL_FUNC_CRYPTO_clear_free_fn CRYPTO_clear_free;
2172
OSSL_FUNC_CRYPTO_realloc_fn CRYPTO_realloc;
2173
OSSL_FUNC_CRYPTO_clear_realloc_fn CRYPTO_clear_realloc;
2174
OSSL_FUNC_CRYPTO_secure_malloc_fn CRYPTO_secure_malloc;
2175
OSSL_FUNC_CRYPTO_secure_zalloc_fn CRYPTO_secure_zalloc;
2176
OSSL_FUNC_CRYPTO_secure_free_fn CRYPTO_secure_free;
2177
OSSL_FUNC_CRYPTO_secure_clear_free_fn CRYPTO_secure_clear_free;
2178
OSSL_FUNC_CRYPTO_secure_allocated_fn CRYPTO_secure_allocated;
2179
OSSL_FUNC_OPENSSL_cleanse_fn OPENSSL_cleanse;
2180
#ifndef FIPS_MODULE
2181
OSSL_FUNC_provider_register_child_cb_fn ossl_provider_register_child_cb;
2182
OSSL_FUNC_provider_deregister_child_cb_fn ossl_provider_deregister_child_cb;
2183
static OSSL_FUNC_provider_name_fn core_provider_get0_name;
2184
static OSSL_FUNC_provider_get0_provider_ctx_fn core_provider_get0_provider_ctx;
2185
static OSSL_FUNC_provider_get0_dispatch_fn core_provider_get0_dispatch;
2186
static OSSL_FUNC_provider_up_ref_fn core_provider_up_ref_intern;
2187
static OSSL_FUNC_provider_free_fn core_provider_free_intern;
2188
static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid;
2189
static OSSL_FUNC_core_obj_create_fn core_obj_create;
2190
#endif
2191
2192
static const OSSL_PARAM *core_gettable_params(const OSSL_CORE_HANDLE *handle)
2193
0
{
2194
0
    return param_types;
2195
0
}
2196
2197
static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[])
2198
0
{
2199
0
    int i;
2200
0
    OSSL_PARAM *p;
2201
    /*
2202
     * We created this object originally and we know it is actually an
2203
     * OSSL_PROVIDER *, so the cast is safe
2204
     */
2205
0
    OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
2206
2207
0
    if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_VERSION)) != NULL)
2208
0
        OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
2209
0
    if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_PROV_NAME)) != NULL)
2210
0
        OSSL_PARAM_set_utf8_ptr(p, prov->name);
2211
2212
0
#ifndef FIPS_MODULE
2213
0
    if ((p = OSSL_PARAM_locate(params,
2214
0
                               OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) != NULL)
2215
0
        OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov));
2216
0
#endif
2217
2218
0
    if (prov->parameters == NULL)
2219
0
        return 1;
2220
2221
0
    for (i = 0; i < sk_INFOPAIR_num(prov->parameters); i++) {
2222
0
        INFOPAIR *pair = sk_INFOPAIR_value(prov->parameters, i);
2223
2224
0
        if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL)
2225
0
            OSSL_PARAM_set_utf8_ptr(p, pair->value);
2226
0
    }
2227
0
    return 1;
2228
0
}
2229
2230
static OPENSSL_CORE_CTX *core_get_libctx(const OSSL_CORE_HANDLE *handle)
2231
2
{
2232
    /*
2233
     * We created this object originally and we know it is actually an
2234
     * OSSL_PROVIDER *, so the cast is safe
2235
     */
2236
2
    OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
2237
2238
    /*
2239
     * Using ossl_provider_libctx would be wrong as that returns
2240
     * NULL for |prov| == NULL and NULL libctx has a special meaning
2241
     * that does not apply here. Here |prov| == NULL can happen only in
2242
     * case of a coding error.
2243
     */
2244
2
    assert(prov != NULL);
2245
2
    return (OPENSSL_CORE_CTX *)prov->libctx;
2246
2
}
2247
2248
static int core_thread_start(const OSSL_CORE_HANDLE *handle,
2249
                             OSSL_thread_stop_handler_fn handfn,
2250
                             void *arg)
2251
0
{
2252
    /*
2253
     * We created this object originally and we know it is actually an
2254
     * OSSL_PROVIDER *, so the cast is safe
2255
     */
2256
0
    OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
2257
2258
0
    return ossl_init_thread_start(prov, arg, handfn);
2259
0
}
2260
2261
/*
2262
 * The FIPS module inner provider doesn't implement these.  They aren't
2263
 * needed there, since the FIPS module upcalls are always the outer provider
2264
 * ones.
2265
 */
2266
#ifndef FIPS_MODULE
2267
/*
2268
 * These error functions should use |handle| to select the proper
2269
 * library context to report in the correct error stack if error
2270
 * stacks become tied to the library context.
2271
 * We cannot currently do that since there's no support for it in the
2272
 * ERR subsystem.
2273
 */
2274
static void core_new_error(const OSSL_CORE_HANDLE *handle)
2275
0
{
2276
0
    ERR_new();
2277
0
}
2278
2279
static void core_set_error_debug(const OSSL_CORE_HANDLE *handle,
2280
                                 const char *file, int line, const char *func)
2281
0
{
2282
0
    ERR_set_debug(file, line, func);
2283
0
}
2284
2285
static void core_vset_error(const OSSL_CORE_HANDLE *handle,
2286
                            uint32_t reason, const char *fmt, va_list args)
2287
0
{
2288
    /*
2289
     * We created this object originally and we know it is actually an
2290
     * OSSL_PROVIDER *, so the cast is safe
2291
     */
2292
0
    OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
2293
2294
    /*
2295
     * If the uppermost 8 bits are non-zero, it's an OpenSSL library
2296
     * error and will be treated as such.  Otherwise, it's a new style
2297
     * provider error and will be treated as such.
2298
     */
2299
0
    if (ERR_GET_LIB(reason) != 0) {
2300
0
        ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args);
2301
0
    } else {
2302
0
        ERR_vset_error(prov->error_lib, (int)reason, fmt, args);
2303
0
    }
2304
0
}
2305
2306
static int core_set_error_mark(const OSSL_CORE_HANDLE *handle)
2307
0
{
2308
0
    return ERR_set_mark();
2309
0
}
2310
2311
static int core_clear_last_error_mark(const OSSL_CORE_HANDLE *handle)
2312
0
{
2313
0
    return ERR_clear_last_mark();
2314
0
}
2315
2316
static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
2317
0
{
2318
0
    return ERR_pop_to_mark();
2319
0
}
2320
2321
static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx,
2322
                                        OSSL_INDICATOR_CALLBACK **cb)
2323
0
{
2324
0
    OSSL_INDICATOR_get_callback((OSSL_LIB_CTX *)libctx, cb);
2325
0
}
2326
2327
static void core_self_test_get_callback(OPENSSL_CORE_CTX *libctx,
2328
                                        OSSL_CALLBACK **cb, void **cbarg)
2329
0
{
2330
0
    OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg);
2331
0
}
2332
2333
static size_t rand_get_entropy(const OSSL_CORE_HANDLE *handle,
2334
                               unsigned char **pout, int entropy,
2335
                               size_t min_len, size_t max_len)
2336
0
{
2337
0
    return ossl_rand_get_entropy((OSSL_LIB_CTX *)core_get_libctx(handle),
2338
0
                                 pout, entropy, min_len, max_len);
2339
0
}
2340
2341
static size_t rand_get_user_entropy(const OSSL_CORE_HANDLE *handle,
2342
                                    unsigned char **pout, int entropy,
2343
                                    size_t min_len, size_t max_len)
2344
0
{
2345
0
    return ossl_rand_get_user_entropy((OSSL_LIB_CTX *)core_get_libctx(handle),
2346
0
                                      pout, entropy, min_len, max_len);
2347
0
}
2348
2349
static void rand_cleanup_entropy(const OSSL_CORE_HANDLE *handle,
2350
                                 unsigned char *buf, size_t len)
2351
0
{
2352
0
    ossl_rand_cleanup_entropy((OSSL_LIB_CTX *)core_get_libctx(handle),
2353
0
                              buf, len);
2354
0
}
2355
2356
static void rand_cleanup_user_entropy(const OSSL_CORE_HANDLE *handle,
2357
                                      unsigned char *buf, size_t len)
2358
0
{
2359
0
    ossl_rand_cleanup_user_entropy((OSSL_LIB_CTX *)core_get_libctx(handle),
2360
0
                                   buf, len);
2361
0
}
2362
2363
static size_t rand_get_nonce(const OSSL_CORE_HANDLE *handle,
2364
                             unsigned char **pout,
2365
                             size_t min_len, size_t max_len,
2366
                             const void *salt, size_t salt_len)
2367
0
{
2368
0
    return ossl_rand_get_nonce((OSSL_LIB_CTX *)core_get_libctx(handle),
2369
0
                               pout, min_len, max_len, salt, salt_len);
2370
0
}
2371
2372
static size_t rand_get_user_nonce(const OSSL_CORE_HANDLE *handle,
2373
                                  unsigned char **pout,
2374
                                  size_t min_len, size_t max_len,
2375
                                  const void *salt, size_t salt_len)
2376
0
{
2377
0
    return ossl_rand_get_user_nonce((OSSL_LIB_CTX *)core_get_libctx(handle),
2378
0
                                    pout, min_len, max_len, salt, salt_len);
2379
0
}
2380
2381
static void rand_cleanup_nonce(const OSSL_CORE_HANDLE *handle,
2382
                               unsigned char *buf, size_t len)
2383
0
{
2384
0
    ossl_rand_cleanup_nonce((OSSL_LIB_CTX *)core_get_libctx(handle),
2385
0
                            buf, len);
2386
0
}
2387
2388
static void rand_cleanup_user_nonce(const OSSL_CORE_HANDLE *handle,
2389
                               unsigned char *buf, size_t len)
2390
0
{
2391
0
    ossl_rand_cleanup_user_nonce((OSSL_LIB_CTX *)core_get_libctx(handle),
2392
0
                                 buf, len);
2393
0
}
2394
2395
static const char *core_provider_get0_name(const OSSL_CORE_HANDLE *prov)
2396
0
{
2397
0
    return OSSL_PROVIDER_get0_name((const OSSL_PROVIDER *)prov);
2398
0
}
2399
2400
static void *core_provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov)
2401
0
{
2402
0
    return OSSL_PROVIDER_get0_provider_ctx((const OSSL_PROVIDER *)prov);
2403
0
}
2404
2405
static const OSSL_DISPATCH *
2406
core_provider_get0_dispatch(const OSSL_CORE_HANDLE *prov)
2407
0
{
2408
0
    return OSSL_PROVIDER_get0_dispatch((const OSSL_PROVIDER *)prov);
2409
0
}
2410
2411
static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov,
2412
                                       int activate)
2413
0
{
2414
0
    return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate);
2415
0
}
2416
2417
static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov,
2418
                                     int deactivate)
2419
0
{
2420
0
    return provider_free_intern((OSSL_PROVIDER *)prov, deactivate);
2421
0
}
2422
2423
static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov,
2424
                              const char *sign_name, const char *digest_name,
2425
                              const char *pkey_name)
2426
0
{
2427
0
    int sign_nid = OBJ_txt2nid(sign_name);
2428
0
    int digest_nid = NID_undef;
2429
0
    int pkey_nid = OBJ_txt2nid(pkey_name);
2430
2431
0
    if (digest_name != NULL && digest_name[0] != '\0'
2432
0
        && (digest_nid = OBJ_txt2nid(digest_name)) == NID_undef)
2433
0
            return 0;
2434
2435
0
    if (sign_nid == NID_undef)
2436
0
        return 0;
2437
2438
    /*
2439
     * Check if it already exists. This is a success if so (even if we don't
2440
     * have nids for the digest/pkey)
2441
     */
2442
0
    if (OBJ_find_sigid_algs(sign_nid, NULL, NULL))
2443
0
        return 1;
2444
2445
0
    if (pkey_nid == NID_undef)
2446
0
        return 0;
2447
2448
0
    return OBJ_add_sigid(sign_nid, digest_nid, pkey_nid);
2449
0
}
2450
2451
static int core_obj_create(const OSSL_CORE_HANDLE *prov, const char *oid,
2452
                           const char *sn, const char *ln)
2453
0
{
2454
    /* Check if it already exists and create it if not */
2455
0
    return OBJ_txt2nid(oid) != NID_undef
2456
0
           || OBJ_create(oid, sn, ln) != NID_undef;
2457
0
}
2458
#endif /* FIPS_MODULE */
2459
2460
/*
2461
 * Functions provided by the core.
2462
 */
2463
static const OSSL_DISPATCH core_dispatch_[] = {
2464
    { OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params },
2465
    { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params },
2466
    { OSSL_FUNC_CORE_GET_LIBCTX, (void (*)(void))core_get_libctx },
2467
    { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start },
2468
#ifndef FIPS_MODULE
2469
    { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error },
2470
    { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug },
2471
    { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error },
2472
    { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark },
2473
    { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
2474
      (void (*)(void))core_clear_last_error_mark },
2475
    { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
2476
    { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file },
2477
    { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf },
2478
    { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex },
2479
    { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))ossl_core_bio_write_ex },
2480
    { OSSL_FUNC_BIO_GETS, (void (*)(void))ossl_core_bio_gets },
2481
    { OSSL_FUNC_BIO_PUTS, (void (*)(void))ossl_core_bio_puts },
2482
    { OSSL_FUNC_BIO_CTRL, (void (*)(void))ossl_core_bio_ctrl },
2483
    { OSSL_FUNC_BIO_UP_REF, (void (*)(void))ossl_core_bio_up_ref },
2484
    { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free },
2485
    { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf },
2486
    { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf },
2487
    { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))core_self_test_get_callback },
2488
    { OSSL_FUNC_INDICATOR_CB, (void (*)(void))core_indicator_get_callback },
2489
    { OSSL_FUNC_GET_ENTROPY, (void (*)(void))rand_get_entropy },
2490
    { OSSL_FUNC_GET_USER_ENTROPY, (void (*)(void))rand_get_user_entropy },
2491
    { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))rand_cleanup_entropy },
2492
    { OSSL_FUNC_CLEANUP_USER_ENTROPY, (void (*)(void))rand_cleanup_user_entropy },
2493
    { OSSL_FUNC_GET_NONCE, (void (*)(void))rand_get_nonce },
2494
    { OSSL_FUNC_GET_USER_NONCE, (void (*)(void))rand_get_user_nonce },
2495
    { OSSL_FUNC_CLEANUP_NONCE, (void (*)(void))rand_cleanup_nonce },
2496
    { OSSL_FUNC_CLEANUP_USER_NONCE, (void (*)(void))rand_cleanup_user_nonce },
2497
#endif
2498
    { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
2499
    { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc },
2500
    { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free },
2501
    { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free },
2502
    { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc },
2503
    { OSSL_FUNC_CRYPTO_CLEAR_REALLOC, (void (*)(void))CRYPTO_clear_realloc },
2504
    { OSSL_FUNC_CRYPTO_SECURE_MALLOC, (void (*)(void))CRYPTO_secure_malloc },
2505
    { OSSL_FUNC_CRYPTO_SECURE_ZALLOC, (void (*)(void))CRYPTO_secure_zalloc },
2506
    { OSSL_FUNC_CRYPTO_SECURE_FREE, (void (*)(void))CRYPTO_secure_free },
2507
    { OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE,
2508
        (void (*)(void))CRYPTO_secure_clear_free },
2509
    { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED,
2510
        (void (*)(void))CRYPTO_secure_allocated },
2511
    { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse },
2512
#ifndef FIPS_MODULE
2513
    { OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB,
2514
        (void (*)(void))ossl_provider_register_child_cb },
2515
    { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB,
2516
        (void (*)(void))ossl_provider_deregister_child_cb },
2517
    { OSSL_FUNC_PROVIDER_NAME,
2518
        (void (*)(void))core_provider_get0_name },
2519
    { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX,
2520
        (void (*)(void))core_provider_get0_provider_ctx },
2521
    { OSSL_FUNC_PROVIDER_GET0_DISPATCH,
2522
        (void (*)(void))core_provider_get0_dispatch },
2523
    { OSSL_FUNC_PROVIDER_UP_REF,
2524
        (void (*)(void))core_provider_up_ref_intern },
2525
    { OSSL_FUNC_PROVIDER_FREE,
2526
        (void (*)(void))core_provider_free_intern },
2527
    { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid },
2528
    { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create },
2529
#endif
2530
    OSSL_DISPATCH_END
2531
};
2532
static const OSSL_DISPATCH *core_dispatch = core_dispatch_;